1. Field of the Invention
This invention relates to selecting a Security Association (SA) timer between user equipment (UE) and a control entity in a communication system and in a preferred application selecting a SA timer for IPSec SA between the UE and a proxy call state control function (P-CSCF) in a 3G communications environment.
2. Description of the Prior Art
FIG. 1 illustrates a block diagram of a successful set up of SAs as set forth in Section 7.2 of 3GPP TS 33.203 V5.3.0 (2002-03), which is incorporated herein by reference in its entirety.
In the packet switched domain, service is not provided until a SA is established between the UE and the communication system 10 such as the P-CSCF. An IP Multimedia Core Network Subsystem (IMS) is essentially an overlay to the packet switched domain and has a low dependency on the packet switched domain. Consequently, a separate SA is required between a multimedia UE (client) and the IMS before access is granted to multimedia services.
The SA set up procedure is necessary in order to decide what security services to apply and when the security services are to start in the IMS. In the IMS, authentication of users is performed during registration as specified in section 6.1 of the aforementioned 3GPP publication. Subsequent signalling communications in a session are integrity protected based on keys derived during the authentication process.
For protecting IMS signalling between the UE and the P-CSCF, it is necessary to agree on shared keys that are provided by the IMS Authentication and Key Agreement (AKA) protocol and a set of parameters specific to a protection method. The security mode set up as described below with reference to FIG. 1 is used to negotiate the SA parameters required for authentication, but without confidentiality. Section 7.1 of the aforementioned 3GPP publication describes the SA parameters.
FIG. 1 illustrates the normal case of setup of SAs using SIP protocol messages when failure does not occur. Some of the nodes and messages in a typical SIP architecture, which are not directly related to the set up of a SA, have been omitted. Accordingly, there are gaps in the numbering of messages and the Interrogating Call State Control Function (I-CSCF) has been omitted. The UE sends a SM1 REGISTER message to the P-CSCF and towards the Serving Call State Control Function (S-CSCF) to register the location of the UE and to set up the security mode. In order to start the security mode set-up procedure, the UE includes a security set-up line in the SM1 REGISTER message. The security set-up line in SM1 contains the Service Provisioning Infrastructure (SPI) numbers, the protected port selected by the UE and a list of identifiers for the integrity algorithms which the UE supports. Upon receipt of the SM1 REGISTER message by the P-CSCF, the P-CSCF temporarily stores the parameters received in the security set-up line together with the UE's IP address from the source IP address of the IP packet header, the IP multimedia IM Private Identity (IMPI) and the IM Public Identity (IMPU). The P-CSCF sends a SM2 REGISTER message to the S-CSCF. Upon receipt by the P-CSCF of a SM4 4xx Auth_Challenge message originated from the S-CSCF in response to the SM2 REGISTER message, the P-CSCF adds the key IKIM received from the S-CSCF to the temporary stored parameters. The P-CSCF then selects the SPI for the inbound SA. The P-CSCF defines the SPIs such that they are unique and different from any SPIs received in the security-set-up line of the UE. This role is needed since the UE and the P-CSCF use the same key for inbound and outbound traffic. In order to determine the integrity of the algorithm, the P-CSCF proceeds such that the P-CSCF has a list of integrity algorithms that the P-CSCF supports, ordered by priority. The P-CSCF selects the first integrity algorithm on its own which is also supported by the UE. The P-CSCF then establishes another pair of SAs in the local security association data base. The security set-up line in the SM6 message contains the SPI assigned by the P-CSCF and a fixed number of the protected port at the P-CSCF. The SM6 message also contains a list of identifiers for the integrity algorithms which the P-CSCF supports. Upon receipt of the SM6 message, the UE determines the integrity algorithm so that UE selects the first integrity algorithm on the list received from the P-CSCF in the SM6 message which is also supported by the UE. The UE then proceeds to establish another pair of SAs. The UE integrity protects the SM7 message and all the following SIP messages. The list of integrity algorithms received in SM6 message are included. After receiving the SM7 message from the UE, the P-CSCF checks whether the integrity algorithm list received in the SM7 message is identical with the integrity algorithms list in the SM6 message. If this is not the case, the registration procedure is aborted. The P-CSCF includes in the SM8 message information for the S-CSCF that the received message from the UE was integrity protected. The P-CSCF adds this information to all subsequent registration messages received from the UE that have successfully passed the integrity check in the P-CSCF. The S-CSCF sends a SM10 2xx Auth_Ok message to the P-CSCF. The P-CSCF sends a SM12 2xx Auth_Ok message to the UE. The SM12 message does not contain information specific to security mode setup (i.e., a security-set-up line). However, when the SM12 message does not indicate any error, the P-CSCF confirms that security mode setup has been successful. After receiving the SM12 message not indicating any error, the UE assumes successful completion of the security-mode set-up.
Every registration message that includes a user authentication attempt produces new SAs. If the authentication attempt is successful, then these new SAs replace previous ones. If the UE has an already active SA, then the UE uses this to protect the registration message. IF the S-CSCF is notified by the P-CSCF that the registration message from the UE was integrity protected, the S-CSCF may decide not to authenticate the user by means of the AKA protocol. However, the UE may send unprotected registration messages at any time. In this case, the S-CSCF authenticates the user by means of the AKA protocol. In particular, if the UE has an indication that the SA is no longer active at P-CSCF side, the UE sends an unprotected registration message. SAs may be unidirectional or bidirectional. For IP layer SAs, the lifetime is held at the application layer. Furthermore, deleting a SA means deleting the SA from both the application and the IPsec layer.
A UE is involved in only one registration procedure at a time. The UE removes any data relating to any previous incomplete registrations or authentications, including SAs created by an incomplete authentication. The UE may start a registration procedure with an existing pair of SAs. These SAs are referred to as an old SAs. The authentication produces a pair of new SAs. These new SAs shall not be used to protect non-authentication traffic until noted during the authentication of flow. In the same way, certain message in the authentication are protected with a particular SA. If the UE receives a message protected with incorrect SA, it shall discard the message.
RFC 3261, which is incorporated herein by reference in its entirety, describes the SIP protocol. As described in Section 10.3 therein, when a UE sends a REGISTER message, a registrant, which may be the P-CSCF, processes the request. The REGISTER message has a Contact address and Contact header field for each address.
The determination of the expiration time of registration of a UE is as follows:    (1) if the field value has an expires parameter, that value must be used.    (2) If there is no such parameter, but the request has an Expires header field, that value must be used.    (3) If there is neither, a locally configured default value must be used. The registrant may shorten the expiration interval.
With the SIP protocol, the so-called “non-INVITE transaction timeout timer” is 32 seconds. This timer is used as a temporary timer when sending the SM4 and SM6 messages as described above. The UE has 30 seconds to send the SM7 REGISTER message, containing the response to the SM6 4xx Auth_Challenge message by the network. When the authentication challenge in the SM6 message is answered in time with SM7 and SM8 REGISTER messages and the result is verified by the network, a SIP 200 Ok response is sent to the UE with messages SM10 and SM12 described above. The 200 Ok message contains an Expires header or a Contact field described above that indicates the time length of the registration of the UE with the control entity.
In the prior art, the SA timer can be set rather long, which results in network inefficiency in database management and the chance for UE to flood attack the P-CSCF with messages that require an appropriate response. If the UE does not have a SA with the network, such messages do not reach the P-CSCF which is preferred by the network operators because of more efficient use of resources.
In 3G communication systems, the UE has to register and re-register from time to time. When a re-registration is not requested within a specified time, subscriber data is deleted from the network elements responsible for handling the communications to and from the UE, such as the P-CSCF. Therefore, a registration timer is maintained in the UE to determine when re-registration is appropriate.